Сливать нетфлоу с mpd5[12:28][dubolom][/home/mike]#cat /usr/local/etc/mpd5/mpd.conf
startup:
set global enable tcp-wrapper
set user admin parol admin
set console self 127.0.0.1 5005
set console open
#set web self 0.0.0.0 5006
#set web open
#set ippool add pool1 10.15.0.1 10.15.4.1
set netflow peer 172.16.0.128 9997
set netflow self 172.16.0.128 9996
set netflow hook 9000
set netflow timeouts 60 120
default:
load pptp_server
load pppoe_server
pptp_server:
create bundle template B_pptp
set iface idle 0
set iface enable tcpmssfix proxy-arp netflow-in netflow-out
set ipcp no vjcomp
set iface up-script "/usr/abills/libexec/linkupdown mpd up"
set iface down-script "/usr/abills/libexec/linkupdown mpd down"
set ipcp ranges 172.16.0.128 ippool pool1
set ipcp dns 172.16.0.1
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
set bundle enable compression
set ccp yes mppc
set mppc yes e40
set mppc yes e128
set mppc yes stateless
create link template L_pptp pptp
set link action bundle B_pptp
set pptp disable windowing
# Multilink adds some overhead, but gives full 1500 MTU.
set link enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation
set link mtu 1460
load server_common
pppoe_server:
create bundle template B_pppoe
set iface idle 0
set iface enable tcpmssfix proxy-arp netflow-in netflow-out
set ipcp no vjcomp
set iface up-script "/usr/local/etc/mpd5/mpd-script.pl up"
set iface down-script "/usr/local/etc/mpd5/mpd-script.pl down"
set ipcp ranges 172.16.0.128 ippool pool1
set ipcp dns 172.16.0.1
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
set bundle enable compression
set ccp yes mppc
set mppc yes e40
set mppc yes e128
set mppc yes stateless
create link template L_pppoe pppoe
set link action bundle B_pppoe
set pppoe acname "bras1"
set pppoe iface le0
set pppoe service "*"
load server_common
server_common:
set link no pap eap
set link yes chap-md5
set link keep-alive 20 60
set link mtu 1492
set link enable incoming
set link no acfcomp protocomp
set auth acct-update 60
set auth timeout 21
set auth disable internal
load radius
radius:
set radius config /etc/radius.conf
set auth acct-update 60
set radius retries 3
set auth enable radius-auth
set auth disable internal
set auth enable radius-acct
set auth disable internal
[12:28][dubolom][/home/mike]#cat /etc/rc.conf
hostname="dubolom.local"
ifconfig_le0="DHCP"
keyrate="fast"
[some text skipped]
mpd_enable="YES"
flow_capture_enable="YES"
flow_capture_datadir="/usr/abills/var/log/ipn/"
flow_capture_port="9997"
flow_capture_flags="-S 5 -n 1300 -N 0 -d 5"
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
[some text skipped]
* * * * * root /usr/abills/libexec/traffic2sql 1 flowdir=/usr/abills/var/log/ipn